CVE-2018-1000655 (jsish)

Jsish version 2.4.65 contains a CWE-476: NULL Pointer Dereference vulnerability in the function jsi_ValueCopyMove (jsiValue.c:240) that can result in a crash due to a segmentation fault. This attack appears to be exploitable via crafted JavaScript code. This vulnerability appears to have been fixed in 2.4.67.

Adobe Acrobat Reader up to 9.2 Doc.media.newPlayer memory corruption

A vulnerability has been found in Adobe Acrobat Reader and classified as critical. This vulnerability affects the function Doc.media.newPlayer. Applying a patch eliminates this problem. The bugfix is ready for download at metasploit.com. A possible mitigation was published 4 weeks after the disclosure of the vulnerability. Furthermore, it is possible to detect and prevent this kind of attack with TippingPoint and the filter 9356.

CVE-2018-1000649 (librehealth_ehr)

LibreHealthIO lh-ehr version REL-2.0.0 contains an authenticated unrestricted file write vulnerability in letter.php (2), in the patient file letter functions, that can result in writing files with malicious content and may lead to remote code execution. This attack appears to be exploitable via user-controlled input.

Adobe Acrobat Reader prior to 9.0 ACE.dll memory corruption [CVE-2011-0598]

A vulnerability was found in Adobe Acrobat Reader and classified as critical. Affected by this issue is an unknown function in the library ACE.dll. Upgrading to version 9.0 eliminates this vulnerability. A possible mitigation was published before, and not just after, the disclosure of the vulnerability. Furthermore, it is possible to detect and prevent this kind of attack with TippingPoint and the filter 13581.